vqavideo: check the version

Prevent an out-of-buffer write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Luca Barbato 2013-06-27 03:19:05 +02:00
parent 636ced8e1d
commit c4abc9098c


@ -134,6 +134,17 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx)
/* load up the VQA parameters from the header */
s->vqa_version = s->avctx->extradata[0];
switch (s->vqa_version) {
case 1:
case 2:
break;
case 3:
avpriv_report_missing_feature(avctx, "VQA Version %d", s->vqa_version);
return AVERROR_PATCHWELCOME;
default:
avpriv_request_sample(avctx, "VQA Version %i", s->vqa_version);
return AVERROR_PATCHWELCOME;
}
s->width = AV_RL16(&s->avctx->extradata[6]);
s->height = AV_RL16(&s->avctx->extradata[8]);
if ((ret = av_image_check_size(s->width, s->height, 0, avctx)) < 0) {
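Review bot: The new `switch` on `s->vqa_version` carries the whole fix, yet nothing in the code records that it is a memory-safety check and not just feature gating. The commit message ties it to an out-of-buffer write, so a comment above it such as `/* only versions 1 and 2 are supported; reject anything else before the header fields below are used */` would make it less likely to be relaxed later. The version byte and the width/height fields are read from fixed offsets in `extradata`, so these reads presumably rely on an `extradata_size` check earlier in `vqa_decode_init`, which starts outside the hunk; it is worth confirming that check still precedes them. Minor: the two messages format the same value with `%d` and `%i`; use one specifier in both.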